Mark0

DynoWiper update: Technical analysis and attribution

ESET researchers have released a technical analysis of DynoWiper, a new data-wiping malware recently used in a cyberattack targeting a company in Poland's energy sector. The malware is attributed with medium confidence to the Russia-aligned threat group Sandworm (Unit 74455). This incident is notable as it represents a rare case of a destructive attack by this group within a European Union country, moving beyond their typical focus on Ukraine.

DynoWiper shares significant TTPs with the ZOV wiper, which was previously used against Ukrainian financial and energy targets. The malware operates in multiple phases: it recursively overwrites file contents with random data, excluding critical system directories so the host stays stable while the wipe runs, and then forces a system reboot. Analysis suggests that the attackers leveraged Active Directory Group Policy Objects (GPOs) for distribution, a hallmark of Sandworm’s high-privilege operational capabilities.

